Dynamically providing safe phone numbers for responding to inbound communications

ABSTRACT

A system and method for dynamically providing safe call back numbers to use to respond to an inbound communication, the method comprising parsing message records from a message server, analyzing the message records for untrustworthy phone numbers by comparing content of the message records to a reference data set that is retrieved from a database, the reference data set including genuine and fraud data wherein the genuine and fraud data includes entities and contact information corresponding to the entities, determining untrustworthy phone numbers in the message records from the analysis, and generating remedy actions based on the determination of the untrustworthy phone numbers.

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains material,which is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent files or records, but otherwise reserves all copyrightrights whatsoever.

BACKGROUND OF THE INVENTION Field of the Invention

This application generally relates to scanning messages for fraud, andin particular, evaluating whether contact information in messages areassociated with legitimate entities and substituting proper contactinformation before a user attempts to return the message.

Description of the Related Art

Currently, a “robocaller,” telemarketer, or scammer can disseminate aphone number or other contact information by means of communication viaa call, text, or email. If the communication is not blocked, thecommunicator may leave a message, such as a voice message, with a phonenumber or contact information that the recipient of the communicationshould call back. The message may suggest that the phone number orcontact information is, for example, the recipient's bank, car company,credit card, the IRS (Internal Revenue Service) or other governmententity, and may state that the user is required to return the callbecause of an alleged fraud on their account or an expiring warranty orother urgent need. The message may use a reputable name, such as a nameof a bank, credit card company, or other business name to give anauthentic appearance.

When the recipient returns the call or communication, however, they aresolicited or scammed into buying a service they don't need, prompted toprovide account information which can result in identity theft, orotherwise inconvenienced or harmed by virtue of having contacted anentity with which they do not wish to communicate. Many smartphonescurrently facilitate a user returning a call to this improper phonenumber by generating a link on the phone number in the transcribed voicemessage, text message or email that the user merely needs to touch tothen be taken to a phone app with the number loaded into the dial fieldready to be called. Current voicemail or inbox systems do not assistcommunication recipients in distinguishing contact from fraudulent orother untrustworthy entities from legitimate entities.

As a result, if a recipient wants to somehow determine whether the givenentity that appears to have contacted them is “real”, they need to dotime-consuming real-time research—for example, an internet search—tolook up the official contact information from the entity, such as ontheir web site or “contact us” page, which itself may encounter fakeinformation (due to incorrectly entered web site names or fraudulentsearch results).

There is thus a need for a message scanning system that can authenticatecontact information of legitimate entities to prevent users fromreturning calls to untrustworthy or improper phone numbers. There isalso a need to automatically provide a safe mechanism to contact theentity, since it is uncertain if a given contact claiming to be fromthat entity is real or untrustworthy.

SUMMARY OF THE INVENTION

The present invention provides systems and methods for dynamicallyproviding safe call back numbers to use to respond to an inboundcommunication. According to one embodiment, a system comprises aprocessor and a memory having executable instructions stored thereonthat when executed by the processor cause the processor to parse amessage or call history record and extract entity contact data from theparsed message or call history record. The entity contact data mayinclude at least a phone number and alleged entity name. The processoris further configured to compare the extracted entity contact data witha reference data set that is retrieved from a database storing genuineand fraud data, where the genuine and fraud data includes entities andcontact data corresponding to the entities, determine the entity contactdata is not authentic based on the comparison of the entity contactdata, and execute a remedy action based on the determination, the remedyaction including a replacement of the phone number with an authenticphone number based on the determination.

The remedy action may be performed automatically, with user consent, inadvance of an attempt to call the phone number, or in real-time as auser attempts to dial the phone number. The remedy action may furtherinclude a message that the phone number has been replaced. In anotherembodiment, the remedy action further includes a warning that themessage or call history record includes fraudulent or otheruntrustworthy information. In another embodiment, the remedy actionfurther includes blocking of a communicator of a message or callassociated with the message or call history record from incoming andoutgoing communications. In yet another embodiment, the remedy actionfurther includes an insertion of a visual indicator or icon next to thephone number in the message or call history record that includes analert that the phone number is suspicious. The visual indicator or iconmay further include a link to call a correct number.

The processor can be further configured to determine that a communicatorof a message or call associated with the message or call history recordis unwanted or suspicious based on the comparing of the entity contactdata and determine the entity contact data is not authentic based on thedetermination that the communicator is unwanted or suspicious. Theprocessor may also be configured to access an electronic message inbox.The message or call history record may comprise at least one of a voicemessage, a transcribed voice message, and a text message. The processormay be configured to parse the message or call history record byidentifying information of interest. The processor may verify the entitycontact data by performing at least one of caller carrier analysis,cellular/landline analysis, fingerprinting, and matching to a databaseof templates associated with fraudulent or suspicious messages. Thesystem may comprise the processor further configured to replace thecontact data in the message or call history record with verified contactdata based on the determination that the contact data is not authentic.The processor may be further configured to identify calleridentification data and confirm the alleged entity based on the calleridentification data and a user contact list.

According to one embodiment, the system comprises a database including areference data set, the reference data set including genuine and frauddata wherein the genuine and fraud data includes entities and contactinformation corresponding to the entities, a message scanning servercommunicatively coupled to a message server, the message scanning serverconfigured to parse message records from the message server, analyze themessage records for fraudulent or other untrustworthy phone numbers bycomparing content of the message records to the reference data set, anddetermine untrustworthy phone numbers in the message records from theanalysis, and a prescription rule server communicatively coupled to themessage scanning server, the prescription rule server configured togenerate remedy actions based on the determination of the untrustworthyphone numbers.

The remedy action may include at least one of preventing calls to theuntrustworthy phone numbers, generating warnings of the untrustworthyphone numbers, and substituting the untrustworthy phone numbers in themessage records with correct phone numbers. The genuine and fraud datamay include numbers of legitimate calling entities. The genuine andfraud data may include known fraudulent numbers. The database mayfurther comprise one or more of a fingerprinting database, a database ofsuspicious text and messaging patterns, a database of carriers and theirscores, and a database of valid phone numbers. The message record maycomprise at least one of voice messages, transcribed voice messages, andtext messages. The message scanning server may be further configured toparse a call history record, extract contact data from the parsed callhistory record, compare the contact data with the reference data set,and determine the contact data is not authentic based on the comparison.The prescription rule server may be further configured to replace thecontact data with verified contact data based on the determination thatthe contact data is not authentic.

According to one embodiment, the method comprises parsing messagerecords from a message server, analyzing the message records foruntrustworthy phone numbers by comparing content of the message recordsto a reference data set that is retrieved from a database, the referencedata set including genuine and fraud data wherein the genuine and frauddata include entities and contact information corresponding to theentities, determining untrustworthy phone numbers in the message recordsfrom the analysis, and generating remedy actions based on thedetermination of the untrustworthy phone numbers.

The method may further comprise analyzing the message records byperforming at least one of caller carrier analysis, cellular/landlineanalysis, fingerprinting, and matching to a database of templatesassociated with fraudulent or suspicious messages. The remedy action mayinclude at least one of preventing calls to the untrustworthy phonenumbers, generating warnings of the untrustworthy phone numbers, andsubstituting the untrustworthy phone numbers in the message records withcorrect phone numbers. The message records may comprise at least one ofvoice messages, transcribed voice messages, and text messages. Themethod may further comprise parsing a call history record, extractingentity contact data from the parsed call history record, comparing theextracted entity contact data with the reference data set, determiningthe entity contact data is not authentic based on the comparison, andreplacing the contact data with verified contact data. The allegedentity may be confirmed based on caller identification data and a usercontact list.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is illustrated in the figures of the accompanying drawingswhich are meant to be exemplary and not limiting, in which likereferences are intended to refer to like or corresponding parts.

FIG. 1 illustrates a computing system according to an embodiment of thepresent invention.

FIG. 2 illustrates a flowchart of a method for providing safe call backnumbers according to an embodiment of the present invention.

FIG. 3 illustrates a computing system according to another embodiment ofthe present invention.

FIG. 4 illustrates a flowchart of a method for providing safe call backnumbers according to an embodiment of the present invention.

FIG. 5 illustrates a flowchart of a method for replacing call backnumbers according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Subject matter will now be described more fully hereinafter withreference to the accompanying drawings, which form a part hereof, andwhich show, by way of illustration, exemplary embodiments in which theinvention may be practiced. Subject matter may, however, be embodied ina variety of different forms and, therefore, covered or claimed subjectmatter is intended to be construed as not being limited to any exampleembodiments set forth herein; example embodiments are provided merely tobe illustrative. It is to be understood that other embodiments may beutilized and structural changes may be made without departing from thescope of the present invention. Likewise, a reasonably broad scope forclaimed or covered subject matter is intended. Throughout thespecification and claims, terms may have nuanced meanings suggested orimplied in context beyond an explicitly stated meaning. Likewise, thephrase “in one embodiment” as used herein does not necessarily refer tothe same embodiment and the phrase “in another embodiment” as usedherein does not necessarily refer to a different embodiment. It isintended, for example, that claimed subject matter include combinationsof exemplary embodiments in whole or in part. Among other things, forexample, subject matter may be embodied as methods, devices, components,or systems. Accordingly, embodiments may, for example, take the form ofhardware, software, firmware or any combination thereof (other thansoftware per se). The following detailed description is, therefore, notintended to be taken in a limiting sense.

The present application discloses systems and methods for safelyreturning calls based on phone numbers in messages from unknown orunwanted callers or numbers. According to one embodiment, a system maycomprise a server and/or client device executing code that scans auser's voice messages (either in audio or transcriptions), textmessages, or caller identification (“caller ID”) data history (e.g., of“missed calls”), and recognize phone numbers from the messages or callerID data. The system may check the caller's phone number and identify thecaller or determine if it's wanted or unwanted (using, for example, withwhite/black lists or with more advanced techniques as described incommonly owned U.S. Pat. No. 10,051,121, entitled “SYSTEM AND METHOD FORIDENTIFYING UNWANTED COMMUNICATIONS USING COMMUNICATION FINGERPRINTING”which is herein incorporated by reference in its entirety). The systemmay also provide an alternative or a guaranteed safe number that can beused to return a call, for times when a caller cannot be 100% trusted tobe the number of a claimed entity.

If the caller's phone number is unknown or unwanted, the system maysearch and determine whether the phone number is either authentic orfraudulent or otherwise untrustworthy, e.g., by comparing it to adatabase of known numbers for who the caller claims to be. For example,if the caller claims to be from the user's bank, the system may comparethe phone number against a database of phone numbers for the user's bankor all banks, as appropriate. The phone number can also be comparedagainst a list of known scam or unwanted numbers. However, if the phonenumber left in the message fails to be authenticated, the system mayeither prevent the call recipient from calling that phone number back orsubstitute the phone number in the message for an actual number for whothat caller claims to be. For example, if the voice or text message fromthe caller says, “please contact Chase Bank regarding a potential fraudon your account,” the system may substitute a fraudulent phone numberprovided in the message with an actual phone number corresponding toChase Bank's fraud prevention line from a database. The system mayinform or provide an indication to the user that the system isperforming such a function or operation and give the user the optionwhich phone number to call, or otherwise may just substitute thefraudulent phone number without notifying the user.

FIG. 1 presents a computing system according to an embodiment of thepresent invention. The system may comprise client device(s) 102 that arecapable of establishing and receiving telephonic communications viacommunications network 108. The communications network 108 may includeone or more public switch telephone networks, local area networks, widearea networks, the Internet, private VPN's (virtual private networks),or any other communications networks. In some embodiments, the clientdevice(s) 102 are enabled with an application such as the one availablefrom YouMail Inc., www.youmail.com, the assignee of the present patentapplication.

Client device(s) 102 may comprise computing devices capable of executingtelephony-related applications and electronic messaging applications.Examples of computing devices include mobile smartphones, desktopcomputers, television set top boxes, laptops, personal digitalassistants (PDA), tablet computers, e-book readers, smartwatches andsmart wearable devices, or any computing device having a centralprocessing unit and memory unit capable of connecting to acommunications network. The computing device may also comprise agraphical user interface (GUI) or a browser application provided on adisplay (e.g., monitor screen, LCD or LED display, projector, etc.). Acomputing device may also include or execute an application tocommunicate content, such as, for example, textual content, multimediacontent, or the like. A computing device may also include or execute anapplication to perform a variety of possible tasks, such as browsing,searching, playing various forms of content, including streamed audio. Acomputing device may include or execute a variety of operating systems,including a personal computer operating system, such as a Windows, MacOS or Linux, or a mobile operating system, such as iOS, Android, orWindows Mobile, or the like. A computing device may include or mayexecute a variety of possible applications, such as a computing softwareapplication enabling communication with other devices, such ascommunicating one or more messages, such as via email, short messageservice (SMS), or multimedia message service (MMS).

The system further includes message server 104 which may perform voicemail operations such as recording (and/or transcribing) voice messagesfor subscribers of client device(s) 102. A user may enable fraud messagescanning by providing a client application installed on client device(s)102, message scanning server 106, or a combination of the two, withaccess to their electronic message inbox including, e.g., recorded ortranscribed voice messages, and user call history (e.g., when people tryto simply return a call often because of seeing the caller ID or justblindly calling). hosted on the message server 104 or stored locally onclient device(s) 102. The recorded or transcribed voice messages andcall history logs may be scanned by the client application or messagescanning server 106 to detect fraud. According to one embodiment, theclient application or message scanning server 106 may analyzecommunication feeds including voice messages, texts and emails forfraudulent phone numbers, email addresses, websites, or other contactinformation.

Servers, as described herein, may vary widely in configuration orcapabilities but are comprised of at least a special-purpose digitalcomputing device or system including at least one or more centralprocessing units and memory. A server may also include one or more ofmass storage devices, power supplies, wired or wireless networkinterfaces, input/output interfaces, and operating systems, such asWindows Server, Mac OS X, Unix, Linux, FreeBSD, or the like. In anexample embodiment, a server may include or have access to memory forstoring instructions or applications for the performance of variousfunctions and a corresponding processor for executing storedinstructions or applications. For example, the memory may store aninstance of the server configured to operate in accordance with thedisclosed embodiments.

The client application or message scanning server 106 may be connectedto database(s) 110. Database(s) 110 may include a plurality of databasesincluding a fingerprinting database, a database of suspicioustext/messaging patterns, a database of carriers and their scores, and adatabase of valid phone numbers or communication addresses. Thedatabase(s) 110 may contain a reference data set that can be retrievedand used to analyze the content of the communication feeds by comparinginformation in the reference data set against, for example, phonenumbers, email addresses, websites, or contact information in thecontent of the communication feeds. The reference data set may includegenuine and fraud data which include entities (legitimate andfraudulent) and their corresponding contact information. Genuine datamay comprise lists of correct or verified phone numbers or contactinformation of, for example, safe entities (e.g., banks, car or creditcard companies, the IRS, other call centers) who may supply their phonenumbers to database(s) 110. Fraud data may comprise phone numbers orcontact information of unsafe entities. Call directory servers, callscreening systems, and other spam detection services may provide fraudinformation including lists of known fraudulent phone numbers todatabase(s) 110 as they are identified. For example, the clientapplication or message scanning server 106 may determine a phone numberor caller ID data in a message (or call history) is either authentic orfraudulent by comparing it to database(s) 110 of known numbers for who acaller claims to be. The phone number or caller ID data can also becompared against a list of known scam or unwanted numbers in database(s)110.

The client application or message scanning server 106 may also beconnected to a prescription rule server 112. The prescription ruleserver 112 may generate an executable remedy action which may dictatewhat actions are to be taken based on the analysis of the messages. If aphone number or other identification information left in an analyzedmessage or call history log is determined to be fraudulent or fails tobe authenticated, prescription rule server 112 may direct theapplication or message scanning server 106 to prevent the recipient ofthe call or message from communicating with the fraudulent phone number(or block access to a link or address), generate a warning of thefraudulent phone number or identification information, or substitute thefraudulent phone number or identification information in the message orcall history log with a verified number or contact information for whothat caller claims to be. In certain embodiments, prescription ruleserver 112 may be deployed within the client application.

Message scanning and remediation can be performed either when messagesor calls are received, or when a user selects a number from themessage/call history to call. In one embodiment, a remedy action mayinclude the client application inserting a visual indicator or icon nextto the number in the message, such as a red star, or an exclamationpoint, to alert the user that the number is suspicious and should not becalled. The icon may include a link which the user can select to callthe correct/genuine number instead. Alternatively, the system mayperform a scan and remedy action upon the client application detectingan instance where a user is trying to make a call or communication usinga link in a message. According to another embodiment, the user may beprompted to perform a check or scan of the user's messages and/or callhistory logs. The user may be prompted with a message, such as “you'retrying to return a call based on a number left in a message which mightbe suspicious, would you like us to check it first?”

FIG. 2 presents a flowchart of a method for providing safe call backnumbers according to an embodiment of the present invention. Users mayauthenticate the content of their messages by allowing a messagescanning system to access their message inboxes that are hosted on amessage server. Alternatively, the system may also authenticate numbersin a user's call history on a user's client device, such as for “missedcalls.” The authentication may be initiated automatically (e.g., in thebackground) or in real-time (e.g., as a user accesses a message or aboutto dial a number in the message). Authenticating the content may includeparsing a message (or call history) record, step 202. The message orcall history record may include files, data, or other forms ofinformation that may be retrieved from an electronic or virtual inbox ona message server, or on the user's client device, and may comprise avoice message, a transcribed voice message, a text message, or any othermessage format. Parsing a message or call history record may includeidentifying information of interest, such as sender/communicator name,metadata, a return phone number or email address, caller ID information,etc.

Entity contact data is extracted from the parsed message (or callhistory) record, step 204. The entity contact data may include a phonenumber, email address, or identifier and an alleged identity of theoriginator of the message, or anyone of the information of interest. Theentity contact data is compared with a reference data set, step 206.Comparing the entity contact data may include analysis by crossreferencing the entity contact data with genuine and fraud data which isrelated to entities (legitimate and fraudulent) and their contactinformation. For example, the system may compare a phone number and analleged entity in the message record to a correct phone numberassociated with the alleged entity. The system may also use informationthat is associated with a call or message to identify and/or confirm anidentity of an entity, such as incoming caller ID as well as the user'scontact lists (e.g., information stored in their address book).

The analysis of the entity contact data may account for differentinformation from the reference data set to decide whether a communicatoris unwanted or suspicious. For example, comparing the entity contactdata may include one or more of the following analysis:

(i) Caller carrier analysis—A carrier of the communicator's phone numbermay be determined and used to retrieve a score of the carrier. Thecarrier score may be used to determine whether a return phone number istrustworthy. A message from a communicator with a phone number having alow or untrustworthy carrier score may be flagged as suspicious. Carrierscores are described in further detail in commonly owned U.S. patentapplication Ser. No. 16/451,318, filed on Jun. 25, 2019, entitled“IDENTIFYING, SCREENING, AND BLOCKING OF CALLS FROM PROBLEMATICTELECOMMUNICATIONS CARRIERS AND NUMBER BLOCKS,” which is hereinincorporated by reference in its entirety.

(ii) Cellular/landline analysis—The system may determine whether acommunicator's phone number is a cellular or landline number. Since acall from a bank, automobile company, credit card company, and otherhelp or call centers for major companies are primarily landlines and notcellular phone numbers. As such, communicators using cellular phonenumbers may be treated suspiciously.

(iii) Fingerprinting— A “fingerprint” of a message or text may becreated and compared with a database of fingerprints of known recordingsof calls or messages (voice and/or text) from unwanted or wantedcommunicators by using speech processing, natural language processing,and machine learning algorithms with the information accumulated fromthe variety of sources. A fingerprint may comprise a uniqueidentification of a sequence of characters designed to capture thecontent of, for example, a commonly appearing or known voice message.The unique identification may include a representation of text contentdata including keywords or tags, and an emphasis of importance of eachkeyword or tag that may be indicated with a variety of indicators, suchas, ranking, arrangement, classification, word count, font size andcolor. Based on a comparison of the fingerprint of the message or textwith the database of fingerprints, the system may determine whether thecommunicator is unwanted and suspicious and treat the entity contactdata of the message record accordingly. Fingerprinting is described infurther detail in commonly owned U.S. Pat. No. 10,051,121, issued onAug. 14, 2018, entitled “SYSTEM AND METHOD FOR IDENTIFYING UNWANTEDCOMMUNICATIONS USING COMMUNICATION FINGERPRINTING,” which is hereinincorporated by reference in its entirety.

(iv) Match the message against a database of templates of fraudulent orsuspicious messages—Textual messages or voice messages, for example, maybe collected from a plurality of users into a database and analyzed forfraudulent and suspicious activity. Fraudulent messages may be used tocreate templates of fraudulent or suspicious messages for comparisonwith a given message. The templates may also include known patterns orattributes of fraudulent messages. The known patterns or attributes offraudulent messages may include certain keywords or phrases commonlyassociated with scammers, telemarketer, etc.

A determination is made whether the entity contact data is authenticbased on the verification, step 208. The determination may perform oneor more of the aforementioned analysis and weigh results of the analysisaccording to certain thresholds. For example, one or more scores may becalculated for the entity contact data based on certain authenticitycriteria. If given scores of one or more criteria exceed satisfactorythresholds, the entity contact data may be deemed authentic. Accordingto one embodiment, a threshold for what constitutes a suspicious messageor call may be lower given that the system is not necessarily blockingthe message or communicator. Additionally, if the communicator isdetermined to be unwanted or suspicious, the entity contact data of themessage may be determined as suspicious or fraudulent (e.g., notauthentic). Otherwise, the message record (or a number in the user'scall history) may be deemed authentic.

If the entity contact data is determined to be authentic, communicationcorresponding to the entity contact data may be allowed, step 210. Thatis, the user may be allowed to access/dial a link, number, or address inthe message (or call history log). However, if the entity contact datais determined to be not authentic, a remedy action may be executed, step212. Various remedy actions may be generated based on authenticityscoring. The remedy action may include at least one of generating awarning that the message contains fraudulent information, substitutingcontent in the message record (or user call history) with verifiedinformation (e.g., with a safe/correct number or contact information),or blocking the communicator/sender of the message from incoming andoutgoing communications. Accordingly, scaling of actions may correlatewith the authenticity scoring.

FIG. 3 presents a computing system according to another embodiment ofthe present invention. Computing system 300 may comprise a retrievalunit 302 that can access a user's messages and call histories bycommunicating with a user's client device via application interface 304.The retrieval unit 302 may either retrieve messages and call historiesdirectly from the user's client device or given permission/credentialsto download the user's messages from a message server. Upon retrieval ofthe user's messages or call histories, parser 306 may parse the messagesor call history entries to identify information of interest, such assender/communicator name, metadata, a return phone number or emailaddress, caller ID information, etc.

Content analyzer 308 may extract the information that is parsed by theparser 306. The extracted information may be analyzed by contentanalyzer 308 in accordance with a reference data set that can beretrieved from one or more databases through database interface 310. Theextracted information may be cross referenced with the reference dataset which may include correct information of safe entities and/orfraudulent information of unsafe entities. The content analyzer 308 mayfurther determine whether the extracted information is either authenticor fraudulent based on a verification with the reference data set. Forexample, the content analyzer 308 may determine fraudulent phone numbersin the extracted information.

Content analyzer 308 may send results of analysis to prescription rulemodule 312. Prescription rule module 312 is operable to generate orprovide remedy actions based on the determination of the fraudulentphone numbers. Remedy actions may comprise executable instructions thatmay be transmitted to the user's client device through applicationinterface 304. The remedy actions may instruct the user's client deviceto perform certain operations if the message or call history isdetermined to include fraudulent information (e.g., fake caller ID).Exemplary remedy actions may include generating a warning that themessage or call history contains fraudulent information, substitutingcontent in the message with verified information (e.g., with asafe/correct number or contact information), or blocking thecommunicator/sender of the message from incoming and outgoingcommunications.

FIG. 4 presents a flowchart of a method for providing safe call backnumbers according to one embodiment. For any inbound call or message, acomputing system may determine who a claimed caller actually is, andwhether that caller is entirely trustable. A message or caller ID from amissed call data may be scanned by a computing system for an untrustedcall back number. The message may comprise voice or text messages.Messages may be processed using natural language analyzers and phrasedetection algorithms. A phone number in a message is identified, step402. The phone number may be an untrusted phone number that a caller maywant a recipient of the message to call or dial.

An entity that is alleged in the message is determined, step 404. Forexample, a caller leaving the message may claim to be associated with anentity, such as a bank or credit card company. A correct phone numberfor the entity is determined, step 406. The correct phone number may bedetermined by retrieving a phone number associated with the entity froma trusted data source.

The system determines whether the phone number in the message is thecorrect phone number, step 408. The phone number may be compared withthe retrieved phone number. The system may also compare the phone numberwith a database including genuine and fraud data. Additionally,techniques, such as Signature-based Handling of Asserted InformationUsing toKENs (“SHAKEN”) and Secure Telephone Identity Revisited (“STIR”)may be used to authenticate the phone number. SHAKEN/STIR verificationmay comprise callers having their caller ID “signed” as legitimate byoriginating carriers and validated by a service provider at thedestination to verify that an incoming call is really coming from anumber listed on a caller ID display. If the phone number in the messageis the same as the correct phone number, the message is determined to besafe, step 410. Otherwise, the phone number in the message is replacedwith the correct phone number, step 412.

FIG. 5 presents a flowchart of a method for replacing call back numbersaccording to an embodiment of the present invention. A computing systeminitializes configurations for scanning a user's messages (or callhistory), step 502. The system determines whether automatic replacementhas been selected, step 504. Configuring for automatic replacement mayallow the computing system to directly proceed to scan a message, step512. If not, the system may determine if the user has consented to scana message, step 506. Consenting to the scan may be an on-demand request.

If the user has not consented to the scan, the system waits for useraction, step 508. The system check determines if a user's actionsrequires a real-time response, such as attempting to dial a phone numbercontained within the message (or call history). If a real-time responseis triggered, the system proceeds to scan the message at step 512. Onthe other hand, a user action that does not require a real-timeresponse, the system may loop back to step 506 to wait for the user'sconsent. Receiving the user consent allows the computing system to scanthe message at step 512.

The computing system can determine whether a phone number in the scannedmessage (or call history) is correct for an entity asserted in themessage, step 514, by consulting a reference data set or a databasestoring genuine and fraud data. A correct phone number may be retrievedfor the asserted entity and compared with the phone number in themessage. A message is determined to be safe if the phone number iscorrect, step 516.

If the phone number is not correct, the user may be optionally notifiedof a replacement of the phone number in the message (or call history),step 518. The option may be configured with a setting by the user orpredefined by the system. If no notification is needed, the systemreplaces the phone number in the message (or the user's call historylog) with the correct phone number, step 520. A message that indicatesthe replacement is generated if the user is to be notified, step 522,prior to replacing the phone number.

FIGS. 1 through 5 are conceptual illustrations allowing for anexplanation of the present invention. Notably, the figures and examplesabove are not meant to limit the scope of the present invention to asingle embodiment, as other embodiments are possible by way ofinterchange of some or all of the described or illustrated elements.Moreover, where certain elements of the present invention can bepartially or fully implemented using known components, only thoseportions of such known components that are necessary for anunderstanding of the present invention are described, and detaileddescriptions of other portions of such known components are omitted soas not to obscure the invention. In the present specification, anembodiment showing a singular component should not necessarily belimited to other embodiments including a plurality of the samecomponent, and vice-versa, unless explicitly stated otherwise herein.Moreover, applicants do not intend for any term in the specification orclaims to be ascribed an uncommon or special meaning unless explicitlyset forth as such. Further, the present invention encompasses presentand future known equivalents to the known components referred to hereinby way of illustration.

It should be understood that various aspects of the embodiments of thepresent invention could be implemented in hardware, firmware, software,or combinations thereof. In such embodiments, the various componentsand/or steps would be implemented in hardware, firmware, and/or softwareto perform the functions of the present invention. That is, the samepiece of hardware, firmware, or module of software could perform one ormore of the illustrated blocks (e.g., components or steps). In softwareimplementations, computer software (e.g., programs or otherinstructions) and/or data is stored on a machine-readable medium as partof a computer program product and is loaded into a computer system orother device or machine via a removable storage drive, hard drive, orcommunications interface. Computer programs (also called computercontrol logic or computer-readable program code) are stored in a mainand/or secondary memory, and executed by one or more processors(controllers, or the like) to cause the one or more processors toperform the functions of the invention as described herein. In thisdocument, the terms “machine readable medium,” “computer-readablemedium,” “computer program medium,” and “computer usable medium” areused to generally refer to media such as a random access memory (RAM); aread only memory (ROM); a removable storage unit (e.g., a magnetic oroptical disc, flash memory device, or the like); a hard disk; or thelike.

The foregoing description of the specific embodiments will so fullyreveal the general nature of the invention that others can, by applyingknowledge within the skill of the relevant art(s) (including thecontents of the documents cited and incorporated by reference herein),readily modify and/or adapt for various applications such specificembodiments, without undue experimentation, without departing from thegeneral concept of the present invention. Such adaptations andmodifications are therefore intended to be within the meaning and rangeof equivalents of the disclosed embodiments, based on the teaching andguidance presented herein. It is to be understood that the phraseologyor terminology herein is for the purpose of description and not oflimitation, such that the terminology or phraseology of the presentspecification is to be interpreted by the skilled artisan in light ofthe teachings and guidance presented herein, in combination with theknowledge of one skilled in the relevant art(s).

What is claimed is:
 1. A system for providing safe call back numbers,the system comprising: a processor; and a memory having executableinstructions stored thereon that when executed by the processor causethe processor to: parse a message or call history record; extract entitycontact data from the parsed message or call history record, the entitycontact data including at least a phone number and alleged entity;compare the extracted entity contact data with a reference data set thatis retrieved from a database storing genuine and fraud data, the genuineand fraud data including entities and contact data corresponding to theentities; determine the entity contact data is not authentic based onthe comparison; and execute a remedy action based on the determination,the remedy action including a replacement of the phone number with anauthentic phone number based on the determination.
 2. The system ofclaim 1 wherein the remedy action further includes a message that thephone number has been replaced.
 3. The system of claim 1 wherein theremedy action is performed in advance of an attempt to call the phonenumber.
 4. The system of claim 1 wherein the remedy action is performedin real-time as a user attempts to dial the phone number.
 5. The systemof claim 1 wherein the remedy action further includes a warning that themessage or call history record includes fraudulent information.
 6. Thesystem of claim 1 wherein the remedy action further includes blocking ofa communicator of a message or call associated with the message or callhistory record from incoming and outgoing communications.
 7. The systemof claim 1 wherein the remedy action further includes an insertion of avisual indicator or icon next to the phone number in the message or callhistory record that includes an alert that the phone number issuspicious.
 8. The system of claim 1 wherein the processor is furtherconfigured to: determine that a communicator of a message or callassociated with the message or call history record is unwanted orsuspicious based on the comparing; and determine the entity contact datais not authentic based on the determination that the communicator isunwanted or suspicious.
 9. The system of claim 1 wherein the message orcall history record comprises at least one of a voice message, atranscribed voice message, and a text message.
 10. The system of claim 1wherein the processor is further configured to perform at least one ofcaller carrier analysis, cellular/landline analysis, fingerprinting, andmatching to a database of templates associated with fraudulent orsuspicious messages.
 11. The system of claim 1 wherein the processor isfurther configured to replace the contact data in the message or callhistory record with verified contact data based on the determinationthat the contact data is not authentic.
 12. The system of claim 1wherein the processor is further configured to: identify calleridentification data; and confirm the alleged entity based on the calleridentification data and a user contact list.
 13. A system for providingsafe call back numbers, the system comprising: a database including areference data set, the reference data set including genuine and frauddata wherein the genuine and fraud data includes entities and contactinformation corresponding to the entities; a message scanning servercommunicatively coupled to a message server, the message scanning serverconfigured to: parse message records from the message server, analyzethe message records for untrustworthy phone numbers by comparing contentof the message records to the reference data set, and determineuntrustworthy phone numbers in the message records from the analysis; aprescription rule server communicatively coupled to the message scanningserver, the prescription rule server configured to generate remedyactions based on the determination of the untrustworthy phone numbers;wherein the remedy action includes substituting the untrustworthy phonenumbers in the message records with correct phone numbers.
 14. Thesystem of claim 13 wherein the remedy action further includes at leastone of preventing calls to the untrustworthy phone numbers andgenerating warnings of the untrustworthy phone numbers.
 15. The systemof claim 13 wherein the database further comprises one or more of afingerprinting database, a database of suspicious text and messagingpatterns, a database of carriers and their scores, and a database ofvalid phone numbers.
 16. The system of claim 13 wherein the messagerecords comprise at least one of voice messages, transcribed voicemessages, and text messages.
 17. The system of claim 13 wherein themessage scanning server is further configured to: parse a call historyrecord; extract contact data from the parsed call history record;compare the contact data with the reference data set; determine thecontact data is not authentic based on the comparison; and theprescription rule server is further configured to replace the contactdata with verified contact data based on the determination that thecontact data is not authentic.
 18. A method, in a data processing systemcomprising a processor and a memory, for providing safe call backnumbers, the method comprising: parsing, by the data processing system,message records from a message server; analyzing, by the data processingsystem, the message records for untrustworthy phone numbers by comparingcontent of the message records to a reference data set that is retrievedfrom a database, the reference data set including genuine and fraud datawherein the genuine and fraud data includes entities and contactinformation corresponding to the entities; determining, by the dataprocessing system, untrustworthy phone numbers in the message recordsfrom the analysis; generating, by the data processing system, remedyactions based on the determination of the untrustworthy phone numbers;wherein the remedy action includes substituting the untrustworthy phonenumbers in the message records with correct phone numbers.
 19. Themethod of claim 18 further comprising analyzing the message records byperforming at least one of caller carrier analysis, cellular/landlineanalysis, fingerprinting, and matching to a database of templatesassociated with untrustworthy or suspicious messages.
 20. The method ofclaim 18 wherein the remedy action further includes at least one ofpreventing calls to the untrustworthy phone numbers and generatingwarnings of the untrustworthy phone numbers.